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Build on the identity, endpoint, 
and cloud providers you already use 


Juggling multiple identity, endpoint, and cloud providers within an organization is inevitable, 
but need not be burdensome. At Cloudflare, our goal is to empower your organization with 
the most robust security in the easiest-to-use way. Unlike other vendors, we do not have 
any vested interest in what specific providers in those categories you work with today or 

in the future. 


We're agnostic. Therefore, our long-held strategy has been to design Cloudflare Zero Trust to 
integrate with as many other solutions as possible. 


Through integrations, Cloudflare aggregates signals across multiple providers and serves as 
a single control pane to enforce context-rich, granular policies all across our global network. 
Moreover, these integrations do not require researching dense technical documentation; they 
are pre-built as workflows for more seamless, single-pane management. 
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Here, we highlight three principles we follow to meet customers where they are: 


e Identity agnostic: Authenticate users across multiple identity provider types for 
frictionless access across all users without any configuration headaches. 


e Endpoint agnostic: Enrich your device posture checks in more granular and adaptive ways 
with signals both from your favorite endpoint providers and our device client. 


e Cloud agnostic: Secure applications on any public or private (on-prem) cloud to avoid 
long-term vendor lock-in. 
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Aggregate multiple identities onto Cloudflare 


Multi-SSO 


Cloudflare built one of the first Zero Trust access 
solutions to support multiple identity providers (IdPs) 
simultaneously. Today, we integrate with leading 
corporate IdPs (such as Okta or Azure AD), as well 
as social identities (like LinkedIn or Github) and open 
source standards (like SAML or OIDC). Moreover, 

we support multiple instances of the same IdP: for 
example, a FedRAMP and non-FedRamp use of Okta. 


Federate multiple identities at once 


Our ability to federate identity across many IdPs can 
jumpstart the process of building identity-aware 
policies. Organizations no longer need to build custom 
integrations between their IdPs. 


Growth-stage organizations with more limited infosec 
personnel may find federation a particularly powerful 
tool to scale a Zero Trust approach without the hassle 
of consolidating a single centralized directory. 
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Key features 


e Cloudflare integrates with multiple IdPs 
simultaneously, all best-in-class 


e Federate multiple providers and multiple 
instances of each provider 


e Faster onboarding for 3rd party users and 
M&A partners 


Use Case: 


Making 3rd party users feel like first class 
citizens 


Cloudflare’s identity-agnostic approach is 
particularly handy when collaborating with 
third parties outside your organization such 
contractors, acquired businesses, or partners. 
Least-privileged access rules can be set up in 
minutes based on the identities these users 
already bring to the table. 


This no-fuss flexibility avoids the inefficiencies 
and security risks of provisioning SSO 
licences, deploying VPNs, or creating one-off 
permissions. 
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Best-in-class endpoint protection partners 


Partnerships 


Cloudflare partners with CrowdStrike, 
SentinelOne, VMware Carbon Black, 
Tanium, Uptycs and Microsoft Intune. 


Customers can onboard multiple endpoint 
protection providers at once and leverage 
security signals and risk assessment 
capabilities of those solutions. 


Configuration 


Configuring any of these providers is just a 
few clicks on the Cloudflare dashboard with 
prebuilt workflows. Once set up, Cloudflare 
can check that devices are running your 
preferred endpoint software to provide 
ongoing monitoring against malware and 
other threats before allowing or denying 
access to a protected application. 


Our endpoint agnostic approach to Zero Trust 
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Integrations enhanced by our device client (WARP) 


Leveling up security often requires a device client, which can enrich device posture checks 
with additional attributes. We've deliberately optimized ours for flexible and effortless adoption. 


Deploy on most operating systems 


Our enterprise client - WARP - works across a 
growing list of the most popular operating systems 
(e.g. Windows, macOS, Linux, iOS, ChromeOSs, 

and Android). 


Our modern WireGuard architecture only ever 
requires minor OS-specific code tweaks. 


Our enterprise client has a consumer version used 
daily by millions worldwide. Testing for so many 
individual users means WARP comes more 
battle-ready than most clients used for Zero Trust. 


Managed or self-enrollment options 


For managed devices, we document deployments 
with any script-based method across popular 
mobile device management (MDM) software. 


Self-enrollment of WARP can be useful for third 
party users and only takes a few minutes for any 
desktop or mobile phone. 
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Avoiding cloud provider lock-in 


Problem 


o. o Key features 
Some, more monolithic vendors are primarily 


interested in increasing your consumption of their 
cloud services, particularly at the storage and 
compute layers. 


e Zero Trust access across public, private, and 
SaaS clouds environments 


e No vendor lock-in to cloud compute or 
To nobody’s surprise, their add-on security solutions storage destinations 


don't integrate as smoothly as they should with other 
cloud providers. Little inconveniences like weaker 
documentation and bugs add up. That tech stack 
lock-in makes life more difficult for your infosec teams. 


e App connectors, network on-ramp partners, 
and storage integrations that make it easy for 
you to interact with apps in any cloud 


Solution 


By contrast, our strategic focus is your security - not 
your cloud consumption. Cloudflare is cloud agnostic: 
We secure access to any resource in any public, 
private, or SaaS cloud environment. 


Cloudflare is designed to 


prioritize your flexibility when 
securing any cloud-based app. 
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Cloudflare strengths 


Extend connections to apps in any cloud Push log data to any cloud 


ie Our lightweight app connector works b Log data can be stored across clouds or sent 


in every cloud directly to analytics providers 


e Run command-line tool as a service on Linux e Built-in support for one or more storage 
and other OSes destinations concurrently including AWS, 
e Pre-packaged as a Docker container Azure, Google Cloud, and any S3-compatible 


e Replica support for modern Kubernetes APNE: g- Digital Gesam Spaces] 


environments e Built-in integrations with analytics and SIEM 
tools like Sumo Logic, Splunk, and Datadog 


e Tunnel can be configured and monitored 
via the UI 


Extensive interconnects with cloud providers x 


Security across any public or private cloud 


e Fast connections for users enabled by 11,000 
interconnections between our network and 
other cloud providers, 50 of which are private 
interconnects with Microsoft, Amazon, and 
Google’s data centers 


Diverse network onramp partners that 


are not cloud-specific 


e Easily connect any public and private cloud 
environment to our network using your existing 
SD-WAN routing method (e.g. VMware) or 
privately interconnect at over 1600 colo 
provider locations (e.g. Equinix) 
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Roster of Zero Trust integration partners 


Over time, Cloudflare will aggregate signals from an even wider roster of your preferred 
providers, all bolstered by the intelligence of our Zero Trust platform and global network. 


@ Identity Providers El Endpoint Providers 
Corporate SSOs Social identities Endpoint Protection Endpoint 
, Providers Management 
i cently i ER SED ABS (for device security Providers 
e Citrix ADC e GitHub posture) (for client 
e Google Workspace e Google deployment) 
JumpCloud LinkedIn me FNS 
i i e Microsoft Endpoint e Hexnode 
° Microsoft Azure e Yandex Manager e |vanti 
Active Directory (AD) , 
Okta e SentinelOne e Jamf 
: Open Source e Tanium e JumpCloud 
e OneLogin Uot Kandii 
. ° cs e Kandji 
e Pingldentity athe P . i 
e SAML 2.0 e VMware Carbon e Microsoft Intune 
Black 
e% Network Onramp Partners & Cloud Providers 
Physical Interconnect Fabric Interconnect Cloud Storage Cloud Analytics & 
Partners Partners Destinations SIEM Partners 
e 365 Data Centers e Console Connect / e AWS S3 e Azure Sentinel 
e BBIX PCCW e Google Cloud e Datadog 
e CoreSite e CoreSite Storage e Elastic 
e Cyxtera e Epsilon Infiny e Microsoft Azure Blob e Google Cloud 
ini i Storage 
e Databank e Equinix Fabric å e Graylog 


e Other vendors with 


+ ag e Megaport 

e Digital Realty gap an S3-compatible e IBM QRadar 
e EdgeConneX e PacketFabric API e Looker 
e Equinix e New Relic 
e Netrality Data e Splunk 

Centers SD-WAN e Sumo Logic 
s Ferda e Aruba (Silverpeak) 
e Zayo 


e Cisco 
e VMware (Velocloud) 


To learn more about Cloudflare Zero Trust and request a demo or POC from a sales 
representative, please visit: https://www.cloudflare.com/products/zero-trust. 
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